CVE-2024-46713

perf/aux: Fix AUX buffer serialization

Description

In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment the perf_event::mmap_mutex order was already wrong, that is, it nesting under mmap_lock is not new with this patch.

N/A
CVSS
Severity:
EPSS 0.07%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82
https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff
https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d
https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef
https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370
https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a

Frequently Asked Questions

What is the severity of CVE-2024-46713?
CVE-2024-46713 has not yet been assigned a CVSS score.
How to fix CVE-2024-46713?
To fix CVE-2024-46713, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-46713 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-46713 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-46713?
CVE-2024-46713 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.